cosmetics in debug output
[strongswan.git] / src / libpts / pts / components / ita / ita_comp_tboot.c
1 /*
2 * Copyright (C) 2011 Andreas Steffen
3 *
4 * HSR Hochschule fuer Technik Rapperswil
5 *
6 * This program is free software; you can redistribute it and/or modify it
7 * under the terms of the GNU General Public License as published by the
8 * Free Software Foundation; either version 2 of the License, or (at your
9 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
10 *
11 * This program is distributed in the hope that it will be useful, but
12 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
13 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14 * for more details.
15 */
16
17 #include "ita_comp_tboot.h"
18 #include "ita_comp_func_name.h"
19
20 #include "pts/components/pts_component.h"
21
22 #include <debug.h>
23 #include <pen/pen.h>
24
25 typedef struct pts_ita_comp_tboot_t pts_ita_comp_tboot_t;
26
27 /**
28 * Private data of a pts_ita_comp_tboot_t object.
29 *
30 */
31 struct pts_ita_comp_tboot_t {
32
33 /**
34 * Public pts_component_t interface.
35 */
36 pts_component_t public;
37
38 /**
39 * Component Functional Name
40 */
41 pts_comp_func_name_t *name;
42
43 /**
44 * Sub-component depth
45 */
46 u_int32_t depth;
47
48 /**
49 * Extended PCR last handled
50 */
51 u_int32_t extended_pcr;
52
53 /**
54 * Time of TBOOT measurement
55 */
56 time_t measurement_time;
57
58 };
59
60 METHOD(pts_component_t, get_comp_func_name, pts_comp_func_name_t*,
61 pts_ita_comp_tboot_t *this)
62 {
63 return this->name;
64 }
65
66 METHOD(pts_component_t, get_evidence_flags, u_int8_t,
67 pts_ita_comp_tboot_t *this)
68 {
69 return PTS_REQ_FUNC_COMP_EVID_PCR;
70 }
71
72 METHOD(pts_component_t, get_depth, u_int32_t,
73 pts_ita_comp_tboot_t *this)
74 {
75 return this->depth;
76 }
77
78 METHOD(pts_component_t, measure, status_t,
79 pts_ita_comp_tboot_t *this, pts_t *pts, pts_comp_evidence_t **evidence)
80 {
81 pts_comp_evidence_t *evid;
82 char *meas_hex, *pcr_before_hex, *pcr_after_hex;
83 chunk_t measurement, pcr_before, pcr_after;
84 pts_pcr_transform_t pcr_transform;
85 pts_meas_algorithms_t hash_algo;
86
87 switch (this->extended_pcr)
88 {
89 case 0:
90 /* dummy data since currently the TBOOT log is not retrieved */
91 time(&this->measurement_time);
92 meas_hex = lib->settings->get_str(lib->settings,
93 "libimcv.plugins.imc-attestation.pcr17_meas", NULL);
94 pcr_before_hex = lib->settings->get_str(lib->settings,
95 "libimcv.plugins.imc-attestation.pcr17_before", NULL);
96 pcr_after_hex = lib->settings->get_str(lib->settings,
97 "libimcv.plugins.imc-attestation.pcr17_after", NULL);
98 this->extended_pcr = PCR_TBOOT_POLICY;
99 break;
100 case PCR_TBOOT_POLICY:
101 /* dummy data since currently the TBOOT log is not retrieved */
102 meas_hex = lib->settings->get_str(lib->settings,
103 "libimcv.plugins.imc-attestation.pcr18_meas", NULL);
104 pcr_before_hex = lib->settings->get_str(lib->settings,
105 "libimcv.plugins.imc-attestation.pcr18_before", NULL);
106 pcr_after_hex = lib->settings->get_str(lib->settings,
107 "libimcv.plugins.imc-attestation.pcr18_after", NULL);
108 this->extended_pcr = PCR_TBOOT_MLE;
109 break;
110 default:
111 return FAILED;
112 }
113
114 hash_algo = pts->get_meas_algorithm(pts);
115 switch (hash_algo)
116 {
117 case PTS_MEAS_ALGO_SHA1:
118 pcr_transform = PTS_PCR_TRANSFORM_MATCH;
119 case PTS_MEAS_ALGO_SHA256:
120 case PTS_MEAS_ALGO_SHA384:
121 pcr_transform = PTS_PCR_TRANSFORM_LONG;
122 case PTS_MEAS_ALGO_NONE:
123 default:
124 pcr_transform = PTS_PCR_TRANSFORM_NO;
125 }
126
127 measurement = chunk_from_hex(
128 chunk_create(meas_hex, strlen(meas_hex)), NULL);
129 pcr_before = chunk_from_hex(
130 chunk_create(pcr_before_hex, strlen(pcr_before_hex)), NULL);
131 pcr_after = chunk_from_hex(
132 chunk_create(pcr_after_hex, strlen(pcr_after_hex)), NULL);
133
134 evid = *evidence = pts_comp_evidence_create(this->name->clone(this->name),
135 this->depth, this->extended_pcr,
136 hash_algo, pcr_transform,
137 this->measurement_time, measurement);
138 evid->set_pcr_info(evid, pcr_before, pcr_after);
139
140
141
142 return (this->extended_pcr == PCR_TBOOT_MLE) ? SUCCESS : NEED_MORE;
143 }
144
145 METHOD(pts_component_t, verify, status_t,
146 pts_ita_comp_tboot_t *this, pts_t *pts, pts_database_t *pts_db,
147 pts_comp_evidence_t *evidence)
148 {
149 bool has_pcr_info;
150 u_int32_t extended_pcr;
151 pts_meas_algorithms_t algo;
152 pts_pcr_transform_t transform;
153 time_t measurement_time;
154 chunk_t measurement, pcr_before, pcr_after, hash;
155 enumerator_t *enumerator;
156 char *file, *platform_info;
157
158 platform_info = pts->get_platform_info(pts);
159 if (!pts_db || !platform_info)
160 {
161 DBG1(DBG_PTS, "%s%s%s not available",
162 (pts_db) ? "" : "pts database",
163 (!pts_db && !platform_info) ? "and" : "",
164 (platform_info) ? "" : "platform info");
165 return FAILED;
166 }
167
168 switch (this->extended_pcr)
169 {
170 case 0:
171 this->extended_pcr = PCR_TBOOT_POLICY;
172 file = "tboot_pcr17";
173 break;
174 case PCR_TBOOT_POLICY:
175 this->extended_pcr = PCR_TBOOT_MLE;
176 file = "tboot_pcr18";
177 break;
178 default:
179 return FAILED;
180 }
181
182 measurement = evidence->get_measurement(evidence, &extended_pcr,
183 &algo, &transform, &measurement_time);
184 if (extended_pcr != this->extended_pcr)
185 {
186 return FAILED;
187 }
188
189 /* check measurement in database */
190 enumerator = pts_db->create_comp_hash_enumerator(pts_db, file,
191 platform_info, this->name, TRUSTED_HASH_ALGO);
192 if (!enumerator->enumerate(enumerator, &hash))
193 {
194 DBG1(DBG_PTS, "no measurement found in database for component:%s "
195 "for platform: %s with hash algorithm %N",
196 file, platform_info, pts_meas_algorithm_names, TRUSTED_HASH_ALGO);
197 }
198 enumerator->destroy(enumerator);
199
200 enumerator = pts_db->create_comp_hash_enumerator(pts_db, file,
201 platform_info, this->name, TRUSTED_HASH_ALGO);
202 while (enumerator->enumerate(enumerator, &hash))
203 {
204 if (!chunk_equals(hash, measurement))
205 {
206 DBG1(DBG_PTS, "PCR %2d: no matching TBOOT component measurement "
207 "found in database", this->extended_pcr);
208 DBG1(DBG_PTS, " expected: %#B", &hash);
209 DBG1(DBG_PTS, " received: %#B", &measurement);
210 return FAILED;
211 }
212 else
213 {
214 DBG2(DBG_PTS, "PCR %2d: matching TBOOT component measurement "
215 "found in database", this->extended_pcr);
216 break;
217 }
218 }
219 enumerator->destroy(enumerator);
220
221 has_pcr_info = evidence->get_pcr_info(evidence, &pcr_before, &pcr_after);
222 if (has_pcr_info)
223 {
224 if (!pts->add_pcr(pts, extended_pcr, pcr_before, pcr_after))
225 {
226 return FAILED;
227 }
228 }
229
230 return (this->extended_pcr == PCR_TBOOT_MLE) ? SUCCESS : NEED_MORE;
231 }
232
233 METHOD(pts_component_t, destroy, void,
234 pts_ita_comp_tboot_t *this)
235 {
236 this->name->destroy(this->name);
237 free(this);
238 }
239
240 /**
241 * See header
242 */
243 pts_component_t *pts_ita_comp_tboot_create(u_int8_t qualifier, u_int32_t depth)
244 {
245 pts_ita_comp_tboot_t *this;
246
247 INIT(this,
248 .public = {
249 .get_comp_func_name = _get_comp_func_name,
250 .get_evidence_flags = _get_evidence_flags,
251 .get_depth = _get_depth,
252 .measure = _measure,
253 .verify = _verify,
254 .destroy = _destroy,
255 },
256 .name = pts_comp_func_name_create(PEN_ITA, PTS_ITA_COMP_FUNC_NAME_TBOOT,
257 qualifier),
258 .depth = depth,
259 );
260
261 return &this->public;
262 }
263